Research Paper
Computer Science
E-ISSN No : 2454-9916 | Volume : 3 | Issue : 5 | May 2017
PRIVACY AND SECURITY ISSUES IN INTERNET OF THINGS
Sarika Chaudhary Assistant Professor, Dept. of CSE/IT, Amity School of Engineering & Technology, Amity University, Haryana, India. ABSTRACT Internet of Things (IoT) are all over in our daily life. They're utilized in our homes, in hospitals, deployed outside to control and report the changes in setting, forestall fires, and much more helpful practicality. However, all those advantages can return of a large number of risks including privacy loss and security problems. To secure the IoT devices, several analysis works are conducted to step those issues and realize an improved thanks to eliminate those risks, or at least minimize their effects on the user's privacy and security requirements. In the first section IoT devices are discussed. The second one will present IoT device limitations and in third section the classification of attacks on IoT are discussed. The last section can focus on the security of IoT in different layers. KEYWORDS: Attacks, Internet of things, Privacy, Risk, Security. Introduction Internet of things (IoT) could be a assortment of “things” embedded with physical science, software, sensors, actuators, and connected via the net to gather and exchange information with one another. The IoT devices area unit equipped with sensors and process power that change them to be deployed in several environments. A range of common IoT applications is a good home, smart city, good grids, medical and aid instrumentation, connected vehicles, etc. The quick growth of the amount of IoT devices utilised is predicted to achieve forty one billion in 2020 with Associate in Nursing $8.9 trillion market [1] as expressed within the 2013 report of the International Data Corporation (IDC). The distinction between IoT and also the traditional web is that the absence of Human role. The IoT devices will produce info regarding individual's behaviors, analyze it, and take action [2]. Services provided by IoT applications supply an excellent profit for human's life, but they can keep company with an enormous value considering the person's privacy and security protection. Security and privacy stay brobdingnagian problems for IoT devices, which introduce a full new degree of on-line privacy issues for customers. That's as a result of these devices not solely collect personal info like users' names and phone numbers, however may also monitor user activities (e.g., when users are in their homes and what that they had for lunch). Following the never-ending string of disclosures concerning major knowledge breaches, consumers square measure cautious of inserting an excessive amount of personal knowledge in public or personal clouds, with sensible reason.[3] In this survey paper, the IoT security and privacy issues in four aspects are explored. The primary half presents the foremost relevant limitations of IoT devices and their solutions. The second half discusses the classification of existing IoT attacks. Then, we explore the IoT authentication and access management schemes and architectures projected in recent literature. Finally, we analyze the protection problems and mechanisms within the perception layer, network layer, transport layer, and application layer, respectively. IoT Device limitation Trappe et al. [9] presented the issue of IoT constraints, and their effects on using current cryptographic tools as the ones utilized in traditional Internet. The two main limitations are the battery capacity and computing power.
security mechanisms for the strained devices, the authors suggested reusing existing functions. A specific analog characteristics of a transmitter are often accustomed effectively inscribe analog info. These analog nuances can't be foreseen or controlled in producing, and can serve as a novel key. This manner of authentication has very little or no energy overhead as a result of it takes advantage of radio signals. Attacks on IoT Andrea et al. [12] come up with a brand new classification of IoT devices attacks given in four distinct types: physical, network, software, and coding attacks. Every one covers a layer of the IoT structure (physical, network, and application), in addition to the IoT protocols for encryption. The physical attack is performed once the attacker is during a shut distance of the device. The network attacks contain manipulating the IoT network system to cause damage. The software attacks happen once the IoT applications present some security vulnerabilities that permit the attacker to seize the chance and damage the system. Cryptographic attacks contains breaking the system encryption. This sort of attacks is often done by facet channel, cryptography, and man-in-the-middle attacks. Supported the study, to measure the security issues at the physical layer, the device has to use secure booting by applying a cryptological hash algorithms and digital signature to verify its authentication and the integrity of the software package. At the network layer, authentication mechanisms and point-to-point encryption are often wont to guarantee information privacy and development security. The application layer may give security by means of authentication, encryption, and integrity verification, which permits solely the approved users to access information through control lists and firewalls, additionally to the employment of antivirus software. Ronen et al. [11] introduced a brand new taxonomy classification for IoT attacks supported however the attacker options deviates from the legitimate IoT devices. The classification are given in: ignoring, reducing, misusing, and increasing the system functionality. The study targeted on the practicality extension attacks on sensible lights. In this paper two attacks are presented: the first one consisted of making a covert channel to capture confidential information from a corporation building that implemented sensible lights which are connected to the interior sensitive network. The work is completed by exploitation an optical receiver that would scan the info from a distance of over a hundred meters by measurement the precise length and frequency of the small changes within the lights intensity. The second attack showed that an attacker will use those lights to form strobes within the sensitive lightweight frequencies, which may cause a risk of epileptic seizures. The experiments showed that it's necessary to focus on security problems throughout the various phases of planning, implementing and desegregation of the IoT devices.
Battery Life Extension: As some IoT devices area unit deployed in environments where charging isn't accessible, they solely have a restricted energy to execute the designed practicality and serious security instructions will drain the devices resources. [4] attainable approaches are often accustomed mitigate this issue. The primary is to use the minimum security needs on the device, which is not counseled particularly once handling sensitive data. The second approach is to extend the battery capability. However, most IoT devices area unit designed to be light-weight and in tiny size. There's no additional area for a bigger battery. The final approach is to reap energy from natural resources (e.g., light, heat, vibration, wind), however this sort of approach would require Associate in Nursing upgrade to the hardware and considerably increase the financial value[5].
IoT Security Applying existing net standards to sensible devices will simplify the combination of the unreal situations within the IoT contexts. However, the protection mechanisms in typical Internet protocols got to be changed or extended to support the IoT applications. In this section, we tend to discuss the protection problems and existing solutions in numerous layers of IoT.
light-weight Computation: The paper [9] mentioned that standard cryptography cannot work on IoT systems, since the devices have restricted memory area that can't handle the computing and storage requirements of advanced cryptography algorithms. To support
IoT Perception Layer Security: IoT system is intended to gather and exchange knowledge from the physical world. Hence, the perception layer contains numerous types of aggregation and dominant modules, like the temperature sensors, sound sensors, vibration sen-
Copyright© 2016, IERJ. This open-access article is published under the terms of the Creative Commons Attribution-NonCommercial 4.0 International License which permits Share (copy and redistribute the material in any medium or format) and Adapt (remix, transform, and build upon the material) under the Attribution-NonCommercial terms.
International Education & Research Journal [IERJ]
520